Solved

Sonicwall or Juniper?

Posted on 2008-10-16
Last Modified: 2013-12-04
I am looking for a prelogon VPN 2-factor SSL-VPN; I have narrowed it down for my SMB to Sonicwall or Juniper Networks. Anyone with experience with both? I am looking to make a good decision. We need a prelogon GINA so that we aren't using cached credentials for logon and GPO settings. Please let me know what is best for an SMB with a $2200 budget for this appliance.
Question by:mxrider_420
17 Comments
 
LVL 7

Expert Comment

by:VCBooth
ID: 22738665
Hi - my personal preference is the SonicWALL SSL-VPN 2000 for this. It links with your AD and you can link with Radius server and for client experience is at least 10 times quicker than Juniper. It is also a lot easier to administer and more configurable. Perhaps more importantly it is an unlimited licensed product. They suggest continuous users for the SSL-VPN 2000. A smaller box is the SSL-VPN 200 which has about 98% of the functionality of its big brother. This is recommended for 10 continuous users.

Match with a SonicWALL box running Enhanced OS and you have Gateway AV, AS, Intrusion Detection & Prevention on the SSL-VPN traffic and also can perform NAT load balancing so you can have multiple SSL devices in a redundant situation.
 
LVL 18

Accepted Solution

by:
deimark earned 250 total points
ID: 22739006
Have no experience on the sonicwall, so cannot comment on their specs or price, however I will disagree with VCBooth above about his comments on the SA series kit.

The Juniper Secure Access (SA) SSL VPN appliance is THE best out there for SSL VPN feature, functionality and integration with other technologies. I am not a Juniper salesman here, just following my own experiences of SSL VPN boxes and info taken from Gartner magic quadrant stuff.

The SA boxes are not cheap, but you get what you pay for here.

They have multiple auth methods, ie they link in with AD/LDAP, RADIUS, RSA, plus a few others.

You can configure resource access down to a fairly detailed level of access.

It has a very good host checker which will confirm that the client machine has things like AV up to date, personal firewall etc and it reduces resource access if any of the criteria is not met.  ie if you are on a corporate laptop with full AV and FW etc, you get full access, if you are in an internet cafe, you get basic web access only.

Sadly I can't comment on the interface of the SonicWALL, but the SA GUI is well laid out, quite extensive and has quite a few really good features that I have not seen on other SSL VPNs (Check Point Connectra and F5 Firepass).

With all this said, although the Juniper would get my vote, it may be out of your price range

HTH
 
LVL 1

Author Comment

by:mxrider_420
ID: 22741489
deimark:

Does the SA 700 do the same things you were speaking about? I can get that for $1400 and that's cheaper than we were going to be spending, and to be honest we wouldn't have more than 10 users concurrent at any one time anyway. I like the sound of Juniper and Sonicwall now too, as I haven't used either, so if it comes down to price I will make a decision on that if both feature sets are the same. Do you know if the Juniper SA700 would do these features you spoke about?
 
LVL 18

Expert Comment

by:deimark
ID: 22742004
Sadly, the SA700 does not have all the functionality of the rest of the range, and this has been mentioned to Juniper several times, but what the SA700 does offer is:

*  Core web access, ie all web bookmarks, file shares etc
*  Network Connect, gives full SSL VPN functionality

The rest of the range have both of those, plus secure meeting (think webex tool or gotomeeting) and Secure Application Manager, which can secure all your remote apps etc.

I have uploaded 2 datasheets which give you more info to compare.

Personally, I think the SA700 is a cut down version of a very good product, but if the standard web access and network connect is all you need then go for it.

If I had the money, I would definitely go for the SA2500 as a minimum.  As I said you get a lot more for your pennies.

Let me know if you need anything else on this.

DM
SA700-Datasheet.pdf
SA2500-4500-6500.pdf
 
LVL 1

Author Comment

by:mxrider_420
ID: 22745778
"If I had the money, I would definitely go for the SA2500 as a minimum.  As I said you get a lot more for your pennies."

---- Did you mean the 2000 Base Unit?
 
LVL 1

Author Comment

by:mxrider_420
ID: 22745798
I am bidding on this on eBay ---
SA2000 Juniper Networks Secure Access 2000 Base System Item number: ITEM# 250309444825

----

Does this have all the bells and whistles you speak of?

thanks
 
LVL 18

Assisted Solution

by:deimark
deimark earned 250 total points
ID: 22746006
SA 2000 does have all the features of the SSL VPN.

One point tho, the SA2000, although still sold by Juniper, is not the new model.

They released the SA 2500, 4500 and 6500 around 4 months ago, and tend to try and point new customers towards the new line.

As I said, you can still get the older units, but these may not support the future releases of the IVE software (the SA OS) as the new boxes have different hardware.

But for the price of the one on eBay, it's certainly a good option. It will run the latest and greatest version of the IVE, which is 6.3 right now, which should keep you going for a year or 2 at least.

Good luck with the bidding. :D
 
LVL 18

Expert Comment

by:deimark
ID: 22746020
For technical specs tho, the SA25000 is almost exactly the same, but the 2500 has newer hardware and all the newer versions of IVEOS will be written for the x500 series.

HTH
 
LVL 1

Author Comment

by:mxrider_420
ID: 22746173
Thanks for the help.

What is IVEOS?

And do you think that I'd need anything greater with only 10 concurrent users?
 
LVL 1

Author Closing Comment

by:mxrider_420
ID: 31507025
This Expert was great, really well spoken, and his messages were clear and concise.
 
LVL 7

Expert Comment

by:VCBooth
ID: 22747482
I would trial a SonicWALL ssl VPN 200 - juniper is NOT the best ssl solution out there, Aventail is - which of course is the ssl VPN 200's big expensive brother!
 
LVL 18

Expert Comment

by:deimark
ID: 22748354
@ VCBooth.

I am sorry you disagree with me here, but I am not just giving my own opinion.  However, please feel free to provide any documents you have that show the Sonicwall as a market leader, I am genuinely interested in this.

I support a great many vendors at the highest levels and have access to quite a lot of the high end products and also the world rankings of these products.

Sonicwall may indeed be a great product, but according to the Gartner charts, Juniper is at the top.

Sadly, I don't have access to the current standing, but the link below shows SonicWALL as very good, but Juniper leads:

http://mediaproducts.gartner.com/reprints/sonicwall/article1/article1.html

As for the IVE OS, it's the software/operating system that runs on the SA series kit.

If you are only looking for protection of 10 users, then Juniper may be overkill. It is indeed a question of "different horses for different courses".

HTH
 
LVL 1

Author Comment

by:mxrider_420
ID: 22748380
Well we have 50 in the office, but I truly can't foresee any more than 10 being on at one time, perhaps from a conference or something like that. But yeah, overkill is good as long as it is easy to configure. If I end up purchasing a Juniper kit, is it easy to configure with a web GUI? I have my CCNA and have done router / appliance CLI configurations before and hate it. If it doesn't have an easy to navigate GUI then I'd like to look at other products.
 
LVL 18

Expert Comment

by:deimark
ID: 22748427
A reasonably technical person can set up an SA appliance. If you manage to get the SA 2000 on eBay, that will do the deed for you and your company for a couple of years.

Juniper SA can seem a little complicated at first when setting them up as they use authentication realms to link in with Auth servers, from that user roles are determined (including host checker etc) and then you add bookmarks to the role's web page. But with this type of set up, you have a great deal of control over what you can allow/deny to users.

If all you need is basic web access to intranet sites, Outlook Web Access and perhaps Network Connect (full VPN connectivity), then the Juniper may be overkill. But I have seen these devices set up in small businesses like your own and it's a perfect fit.
 
LVL 1

Author Comment

by:mxrider_420
ID: 22748494
So basically all these configurations are done via a web GUI? I read that link you posted; it seems like they are the best bang for the buck. Do they also have a fat client that sits on the machine in the task bar too so that remote users can right click and go "connect" and be logged into the network?
 
LVL 18

Expert Comment

by:deimark
ID: 22748528
Hehe, you are thorough. :D

The SA is managed via a web GUI.

The clients are as close as you can get to clientless technology (ie you still have to download either a Java or ActiveX component for the application manager stuff to work). All can be removed from the client at the end of the session.

The Network Connect component (full VPN) does include a download that runs in the system tray, but this is for monitoring the connection. It can be configured to get removed when the connection is terminated.

The NC component is loaded when the user signs into the SA web portal and then clicks on the NC connect button.

If you get an SA box, and it doesn't come with a full admin guide, use this one (it's 7MB so can't upload it here)
www.deimark.net/6.3-IVEAdminGuide.pdf

This is for the latest version of the IVE at 6.3 but most features are fairly similar through the versions.
 
LVL 1

Author Comment

by:mxrider_420
ID: 22751241
Thanks for all your help, I appreciate the guidance. I have downloaded that manual too. I am not so worried about zero footprint. I mean that's great for some purposes, but as long as they have a client that can stay as you mentioned that's good too, just to make it easier for some of our staff to connect, rather than always having to go to the web portal. Sounds like I got all I need. If this bid fails I will look elsewhere. Perhaps if it does then I'll look at the 2500 SA; anything more is WAY overkill, sounds like it already is haha, oh well, can never be too good.